Nat on a stick...

Matt.Gent
Level 1

[Attachment: NatOnAStick.jpg]

Main Router:

interface Loopback0
 ip address 1.1.1.1 255.255.255.0
 ip nat outside
!
interface FastEthernet0/0
 ip address 10.15.16.5 255.255.255.0
 ip nat inside
 ip policy route-map NAT-EE
!
interface FastEthernet0/1
 ip address 192.168.0.250 255.255.255.0
 ip nat outside
!
ip nat inside source static 10.15.16.11 10.15.16.6
!
access-list 140 permit ip host 10.15.16.30 host 10.15.16.6
access-list 140 permit ip host 10.15.16.11 host 10.15.16.30
!
route-map NAT-EE permit 10
 match ip address 140
 set interface Loopback0

For the purpose of this demonstration 10.15.16.30 and 10.15.16.11 are static physical servers; in reality 10.15.16.30 is a pool of IP addresses allocated to a number of devices. These devices communicate on a static IP address of 10.15.16.6, and the traffic must go through the main router to get NATed to 10.15.16.11. A response from 10.15.16.11 is then sent back to the device....

I've been looking through various examples of NAT on a stick and can't see where I'm going wrong. Any help would be appreciated; if you need any more info let me know...

Thanks


guibarati
Level 4

The question is a bit confusing. But if you are trying to go from 10.15.16.30/24 to 10.15.16.6/24 both hosts are on the same network. They won't go through the router to communicate.

If the host needs both addresses you could try to add a secondary IP address to 10.15.16.6 as 10.15.16.11

Hi, thanks for the help..

10.15.16.6 is not a physical address. It's an address which gets NATed to 10.15.16.11 within the main router.

I'm trying to get 10.15.16.30 traffic to 10.15.16.11 using 10.15.16.6.

For example... if I telnet to 10.15.16.6 from 10.15.16.30 I want it to open a connection to 10.15.16.11.

Hope this makes it a bit less confusing..

Still, if you are trying to go from 10.15.16.30/24 to 10.15.16.6/24 both hosts are on the same network. They won't go through the router to communicate to each other. If they won't go through the router it can't NAT the address.

Which is where NAT on a stick comes in... "the use of a single physical interface of a router for a task"

So traffic goes in 10.15.16.5 via the Loopback interface and back out 10.15.16.5.

As you can see on the link, you need two addresses on the physical interface for it to work (primary and secondary address). The hosts originating the connection must have a different network as destination. Otherwise they won't go to the router/default gateway. This is basic TCP/IP and ARP operation.

The hosts need to see the destination host in a different network than their own to search for the default gateway. If they "think" they are on the same network they will talk to each other directly with no router, no gateway.

So, no matter what you do with the router, the host is connecting to the destination directly.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094430.shtml
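The forwarding logic behind this reply, as an added example that is not from the thread: a small Python model of the sending host's on-link decision, access-list 140 and the static NAT statement from the original post. The second trace uses a constructed inside-global address (10.15.17.6, an assumption, not from the thread) that lies outside the LAN prefix, so the host actually hands the packet to the router.

```python
import ipaddress

# Addressing from the original post, modelled in a constructed script (not router code).
HOST_NET = ipaddress.ip_network("10.15.16.0/24")     # LAN behind FastEthernet0/0
GATEWAY = "10.15.16.5"                               # router's Fa0/0 address
INSIDE_LOCAL, INSIDE_GLOBAL = "10.15.16.11", "10.15.16.6"
# access-list 140 permit ip host <src> host <dst>
ACL_140 = [("10.15.16.30", "10.15.16.6"), ("10.15.16.11", "10.15.16.30")]

def host_next_hop(dst, net=HOST_NET, gateway=GATEWAY):
    """The sending host's decision: a destination inside its own prefix is
    delivered directly (it ARPs for it); anything else goes to the default gateway."""
    return "direct" if ipaddress.ip_address(dst) in net else gateway

def acl_matches(src, dst, acl=ACL_140):
    """route-map NAT-EE only fires for packets permitted by access-list 140."""
    return (src, dst) in acl

def static_nat(dst, inside_local=INSIDE_LOCAL, inside_global=INSIDE_GLOBAL):
    """'ip nat inside source static <local> <global>': a packet from the inside
    interface addressed to the inside-global address is rewritten to the local one."""
    return inside_local if dst == inside_global else dst

def trace(src, dst, inside_global=INSIDE_GLOBAL, acl=ACL_140):
    """Follow one packet from a LAN host and report what the router could do with it."""
    if host_next_hop(dst) == "direct":
        # The router never receives the packet, so neither the route-map nor NAT applies.
        return {"reaches_router": False, "policy_routed": False, "final_dst": dst}
    return {"reaches_router": True,
            "policy_routed": acl_matches(src, dst, acl),
            "final_dst": static_nat(dst, inside_global=inside_global)}

if __name__ == "__main__":
    # Case from the thread: 10.15.16.30 -> 10.15.16.6, same /24 as the host.
    print(trace("10.15.16.30", "10.15.16.6"))
    # Constructed alternative (assumption): inside-global address outside the LAN prefix,
    # with access-list 140 adjusted to match it, so the packet transits the router.
    print(trace("10.15.16.30", "10.15.17.6", inside_global="10.15.17.6",
                acl=[("10.15.16.30", "10.15.17.6")]))
```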
